After BlackEnergy, critical infrastructure around the world is among key targets of the new malware called GreyEnergy.

by Cyber360 News
November 11, 2019
in Malware

In its recent research, ESET has revealed details of a new threat group, dubbed GreyEnergy, which appears to be the successor to the BlackEnergy APT group. The BlackEnergy group’s last observed activity was in December 2015, when nearly 230,000 people endured a prolonged blackout caused by a cyber attack on Ukrainian power grids.

ESET researchers have observed GreyEnergy attacking energy firms and other high-value targets in Poland and Ukraine since 2016, with Ukrainian critical infrastructure appearing to be the main focus. Researchers also believe the group is closely linked to the BlackEnergy group and that the attackers may be preparing cyber espionage operations in the near future.


Furthermore, ESET researchers have evidence that GreyEnergy is linked to Telebots, the group behind the highly destructive NotPetya malware. Telebots is believed to be backed by the GRU, Russia’s military intelligence service. Researchers had previously linked Telebots to another malware campaign, Industroyer, which caused a further blackout in Ukraine in 2016.

It is worth noting that ESET has not attributed GreyEnergy to any specific state actor; it has only observed suspected links between the group and earlier attacks on Ukrainian power grids. ESET describes GreyEnergy as one of the most “dangerous APT groups” to have attacked Ukraine over the last three years.

GreyEnergy: New malware targeting energy sector with espionage

Image credit: ESET

GreyEnergy’s primary focus is on targeted attacks and stealthy campaigns, with the attackers using every available means to evade detection. The key targets are energy companies, specifically those whose industrial control system workstations run SCADA software.

ESET researchers tie GreyEnergy to BlackEnergy because both are modular and deploy a mini backdoor first, rolling out a full backdoor only after obtaining administrator rights. Another similarity is that both groups’ malware reach their remote command-and-control servers through active Tor relays, an operational security technique that lets the group operate covertly.

Moreover, both campaigns target energy and critical infrastructure in Ukraine, and one of BlackEnergy’s victims has also been targeted by GreyEnergy. BlackEnergy has been inactive since roughly the time GreyEnergy became active, which further supports the view that the two groups are linked.

There are also signs that GreyEnergy is an evolved form of BlackEnergy: its modern toolkit focuses more heavily on stealth, and its AES-256-encrypted fileless modules are pushed to a victim only when strictly necessary. These modules run in memory to hinder analysis and detection.

GreyEnergy gains initial access through spear-phishing emails that lure users into enabling malicious macros, and by compromising public-facing web servers. Vulnerable servers are used as an entry point into the network, after which the attackers gradually move laterally toward the targeted systems. The group also uses publicly available tools such as WinExe, Nmap, Mimikatz, and PsExec to carry out its activities while staying under the radar.
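As an added illustration (not from the article or from ESET), here is a small detection pass a defender could run over endpoint telemetry for three of the techniques named above: an Office application spawning a shell (macro execution), PsExec/WinExe-style service installs used for lateral movement, and credential-dumping-style access to LSASS. The event records are constructed, and the service names, the System32 allowlist and the rule logic are assumptions to be tuned per environment.

```python
"""Toy detection rules over constructed endpoint events for the tradecraft
named above. Sample data and rules are assumptions, not ESET's detection
logic; event shapes loosely follow Sysmon (1 = process create,
7045 = service installed, 10 = process access)."""

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"id": 1, "host": "ws-ot-07", "parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"id": 1, "host": "ws-ot-07", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"id": 7045, "host": "srv-hist-01", "service": "PSEXESVC", "path": r"%SystemRoot%\PSEXESVC.exe"},
    {"id": 7045, "host": "srv-hist-02", "service": "winexesvc", "path": r"C:\Windows\winexesvc.exe"},
    {"id": 7045, "host": "srv-hist-01", "service": "Spooler", "path": r"%SystemRoot%\System32\spoolsv.exe"},
    {"id": 10, "host": "srv-dc-01", "source": r"C:\Users\ops\tools\mk.exe",
     "target": r"C:\Windows\System32\lsass.exe"},
    {"id": 10, "host": "srv-dc-01", "source": r"C:\Windows\System32\csrss.exe",
     "target": r"C:\Windows\System32\lsass.exe"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Default service names installed by PsExec and WinExe (assumed; tune per environment).
REMOTE_EXEC_SERVICES = {"psexesvc": "PsExec", "winexesvc": "WinExe"}


def basename(path):
    """Case-folded file name of a Windows path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def check_event(ev):
    """Return (rule, host, detail) if the event matches a rule, else None."""
    if ev["id"] == 1 and basename(ev["parent"]) in OFFICE_APPS and basename(ev["image"]) in SHELLS:
        return ("office_spawns_shell", ev["host"], f"{basename(ev['parent'])} -> {basename(ev['image'])}")
    if ev["id"] == 7045:
        tool = REMOTE_EXEC_SERVICES.get(ev["service"].lower())
        if tool:
            return ("remote_exec_service", ev["host"], f"{tool} service {ev['service']}")
    if ev["id"] == 10 and basename(ev["target"]) == "lsass.exe":
        # Assumption: only binaries under System32 are expected to open LSASS here.
        if not ev["source"].lower().startswith("c:\\windows\\system32\\"):
            return ("lsass_access", ev["host"], f"{basename(ev['source'])} opened lsass.exe")
    return None


def scan(events):
    """Run every rule over every event and collect the alerts."""
    return [hit for hit in map(check_event, events) if hit]
```

Running `scan(SAMPLE_EVENTS)` yields four alerts: the macro-style shell spawn, both remote-execution service installs, and the non-system LSASS access; the benign Word launch, the Spooler service and the csrss.exe access are left alone.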


ESET warns that the group is still active and may well be preparing another wave of attacks, or that another APT group is being set up to carry out more advanced operations. To help organizations avoid falling victim to GreyEnergy, ESET researcher Robert Lipovský recommends the following.

“Use multi-layered security solutions, including Endpoint Detection and Response, 2FA, backups, updated and patched software, and educate employees not to fall prey to spear-phishing attacks.”
